CVE-2026-6675

| EUVD-2026-24058 MEDIUM
2026-04-21 Wordfence
Information Disclosure WordPress
5.3
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

1
Analysis Generated
Apr 21, 2026 - 02:55 vuln.today

DescriptionNVD

The Responsive Blocks - Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to Unauthenticated Open Email Relay in all versions up to, and including, 2.2.0. This is due to insufficient authorization checks and missing server-side validation of the recipient email address supplied via a public REST API route. This makes it possible for unauthenticated attackers to send arbitrary emails to any recipient of their choosing through the affected WordPress site's mail server, effectively turning the site into an open mail relay.

AnalysisAI

Unauthenticated open email relay in Responsive Blocks - Page Builder for Blocks & Patterns WordPress plugin (versions up to 2.2.0) allows remote attackers to send arbitrary emails through the affected site's mail server via a public REST API endpoint lacking authorization checks and email recipient validation. The vulnerability enables attackers to abuse WordPress sites for spam distribution and phishing campaigns without authentication.

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-6675 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy